[Request/Help]Account Changer

[Kawikaan]

Guys May i Request about Change password script(WORKING PLEASE)
thank you in advanced

[MentaL]

[RckyCls]

Save this as. functions.php

Spoiler:

<?php
function mssql_escape($str){
$str = htmlentities($str);
if (ctype_alnum($str))
return $str;
else
return str_ireplace(array(';', '%', "'"), "", $str);
} ?>

Change Password Script. save as pwchg.php

Spoiler:

<?php
ini_set('display_errors', 0);
$connection = mssql_connect('\SQLEXPRESS', 'sa', 'password here'); // <<== Change YOURHOST and YOURPASSWORD

if(!connection || !mssql_select_db('ACCOUNT_DBF', $connection))
{
die('Unable to connect or select database!');
}

$checkusername = $_POST['Username'];
$query = mssql_query("SELECT account FROM ACCOUNT_TBL WHERE account = '$checkusername'");
$result = mssql_fetch_row($query);

$checkpassword = $_POST['FirstPassword'];
$query2 = mssql_query("SELECT password FROM ACCOUNT_TBL WHERE account = '$checkusername'");
$resultpass = mssql_fetch_row($query2);

$passwordcheck = md5('serus' . $_POST['FirstPassword']);

if(isset($_POST['submit'])){
if($_POST['Username'] == ""){
$error = '<font color="red">Please fill up all the fields.</font>';
}
else if($result[0] != $checkusername){
$error = '<font color="red">Your Username doesnt exist.</font>';
}
else if($_POST['FirstPassword'] == ""){
$error = '<font color="red">Please isert your old password.</font>';
}
else if($passwordcheck != $resultpass[0]){
$error = '<font color="red">Your password isnt correct.</font>';
}
else if($_POST['NewPassword'] == ""){
$error = '<font color="red">Please insert your new password.</font>';
}
else if($_POST['NewPassword2'] == ""){
$error = '<font color="red">Please repeat your new password.</font>';
}
else if($_POST['NewPassword'] != $_POST['NewPassword2']){
$error = '<font color="red">Yuor New passwords dont match</font>';
}
else{
$NewPassword = md5('serus' . $_POST['NewPassword']);
mssql_query("UPDATE ACCOUNT_TBL SET password = '$NewPassword' WHERE account = '$checkusername'");
$error = '<font color="green">Your password was successfully changed.</font>';
}
}

echo '<form action="pwchg.php" method="post"><br />';
echo 'Username: <input type="text" name="Username" /><br />';
echo 'Password: <input type="password" name="FirstPassword" /><br />';
echo 'New Password: <input type="password" name="NewPassword" /><br />';
echo 'Repeat New password: <input type="password" name="NewPassword2" /><br /><p>';
echo '<input type="submit" name="submit" value="Change Password!" /><br /><br />';
echo '</form>';
echo $error
?>

Put 2 php files in the same folder.

[ptuser]

Just to let you know, that script ain't secure. Good luck using it though.
Funny how you tell him to save function.php but that script didn't even include function.php

[Satan]

@Ontopic, Kiira's post needs a anti-sql injection protection.

@Pt w/e ..

Stop posting useless crap. This is the 'help' topic.

[ptuser]

@Ontopic, Kiira's post needs a anti-sql injection protection.

@Pt w/e ..

Stop posting useless crap. This is the 'help' topic.

@Saten w/e u r

I obviously point out that it's not secure, and yet you have a problem. I guess you want their server to get hack. Is that so? Anyways, *Shrugs*

[RckyCls]

include function script :)

Spoiler:

<?php
include 'functions.php';
foreach ($_GET as $key=>$getvar){ $_GET[$key] = mssql_escape($getvar); }
foreach ($_POST as $key=>$postvar){ $_POST[$key] = mssql_escape($postvar); } ?>

put before the php script.

[Satan]

@Saten w/e u r

I obviously point out that it's not secure, and yet you have a problem. I guess you want their server to get hack. Is that so? Anyways, *Shrugs*

Stop being a pest. You post useless crap in the help section.

[Kawikaan]

thanks WORKING!!!!

[Improved]

@Saten w/e u r

I obviously point out that it's not secure, and yet you have a problem. I guess you want their server to get hack. Is that so? Anyways, *Shrugs*

Just stfu already.

[Kawikaan]

wahahahha... xD enough your both great ^_^